Cisco Support Community

New Member

Manually Patch Cisco ISE Deployment

Is there a documented process for manually installing patch bundles in ISE? We had a bad experience last spring with deploying Patch 8 through the "fire and forget" patch installation through the GUI. We have held off far too long on patching our 20 node deployment and I will be asked whether the process failure was due to Patch 8, or whether the patching process itself failed. Please let me know if there is a procedure on how one would go about manually patching a deployment via the CLI.


Thank you

  • AAA Identity and NAC
Cisco Employee

When you install a patch from a primary administration node that is part of a distributed deployment, Cisco ISE installs the patch on the primary node and then all the secondary nodes in the deployment. If the patch installation is successful on the primary node, Cisco ISE then continues patch installation on the secondary nodes. If it fails on the primary node, the installation does not proceed to the secondary nodes. However, if the installation fails on any of the secondary nodes for any reason, it still continues with the next secondary node in your deployment. Secondary Cisco ISE nodes are restarted consecutively after the patch is installed on those nodes. While installing a patch on secondary nodes, you can continue to perform tasks on the primary administration node.

New Member

I understand how the process works, or at least how it is supposed to work. In this case back in the spring, our Admin and MNT primary and secondary nodes upgraded successfully; it was when it started rolling out the upgrades to our Policy nodes that it started failing. At that time, both our primary and secondary PSNs for all of our Wireless LAN Controllers failed to upgrade properly and were non-functional. We were forced either to roll back or manually reboot the policy nodes in order to get them online again. I am looking to avoid this situation again. I had done many patches prior to this failure, all without issue, but this had high visibility when the upgrade failed as it affected hundreds of wireless users.
